Author Topic: Attack scenario  (Read 14497 times)

0 Members and 1 Guest are viewing this topic.

Offline Agent86

  • Sr. Member
  • ****
  • Posts: 471
  • BTSX: agent86
    • View Profile
emski,
Can you think of any attacks against "approval voting"?  It's quite simple; no down votes and every share can vote for (approve) of as many delegates as they like.  Delegates with the most approval win.  I think it's a perfect system for what we want and can't think of any reasonable attack.

More detailed discussion in the DPOS thread:
https://bitsharestalk.org/index.php?topic=4009.msg66308#msg66308

Only concerns I have are:
-Is it really far more demanding/taxing on the blockchain?
-Is it as easy to vote out bad delegates?
I don't think it really adds much to the blockchain as you only need to specify changes in delegate selections, people probably won't be changing their selections as often.  There is some idea that a constructed database of votes would be bigger.

My thoughts:  Whatever the costs, it is almost certainly worth it.  It is just sooo much better than current voting method.

"-Is it as easy to vote out bad delegates?"
Yes. In fact it's much easier to vote out bad delegates than in the current system and much less likely that bad delegates get voted in in the first place.  In the current system if someone has enough stake to vote themselves in as a delegate (less than 1% required) it will be next to impossible to get rid of them as a delegate if they want to vote for themselves.

Offline tonyk

  • Hero Member
  • *****
  • Posts: 3308
    • View Profile
emski,
Can you think of any attacks against "approval voting"?  It's quite simple; no down votes and every share can vote for (approve) of as many delegates as they like.  Delegates with the most approval win.  I think it's a perfect system for what we want and can't think of any reasonable attack.

More detailed discussion in the DPOS thread:
https://bitsharestalk.org/index.php?topic=4009.msg66308#msg66308

Only concerns I have are:
-Is it really far more demanding/taxing on the blockchain?
-Is it as easy to vote out bad delegates?
Lack of arbitrage is the problem, isn't it. And this 'should' solves it.

Offline Agent86

  • Sr. Member
  • ****
  • Posts: 471
  • BTSX: agent86
    • View Profile
emski,
Can you think of any attacks against "approval voting"?  It's quite simple; no down votes and every share can vote for (approve) of as many delegates as they like.  Delegates with the most approval win.  I think it's a perfect system for what we want and can't think of any reasonable attack.

More detailed discussion in the DPOS thread:
https://bitsharestalk.org/index.php?topic=4009.msg66308#msg66308

Offline emski

  • Hero Member
  • *****
  • Posts: 1282
    • View Profile
    • http://lnkd.in/nPbhxG
Quote
EVIL switches his votes to his own delegate placing it in such a way that LAZIES autovote for it.

Big leap here... how do you place it in such a way that LAZIES auto vote for it?
I used as reference https://github.com/BitShares/bitshares_toolkit/blob/master/docs/dpos.dox - @section dpos_voting_algorithm  Voting Algorithm

Assuming the new delegate has high score. Evil places it at rank 101 with some of his %2 stake (that delegate has less than 1% of votes). The misbehaving delegate now has -2% votes (all from LAZIES and none from EVIL) and is at rank > 200. With LAZIES' next transactions they should autovote again (am i right?). And LAZIES' vote should be according to the following rule
# If there are no trusted_delegates in then vote for the observed_delegate with the highest score and less than 1%
         of the vote
EVIL can easily place votes for his (high scored) delegate so that he falls in this rule. And adjust his votes each block so that he is still in that rule.

So he can free most of his stake to repeat this (assuming EVIL controls several high performing delegates). And he might "trap" all the LAZIES' votes into delegates he controls... AND THEN....
« Last Edit: June 20, 2014, 03:17:48 pm by emski »

Offline bytemaster

Quote
EVIL switches his votes to his own delegate placing it in such a way that LAZIES autovote for it.

Big leap here... how do you place it in such a way that LAZIES auto vote for it? 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline emski

  • Hero Member
  • *****
  • Posts: 1282
    • View Profile
    • http://lnkd.in/nPbhxG
And what if an attacker decides to use the LAZIES to make them vote for his delegates.
Imagine the following:
EVIL has 2% stake.
EVIL votes for misbehaving delegate.
LAZIES votedown that misbehaving delegate.
EVIL switches his votes to his own delegate placing it in such a way that LAZIES autovote for it.
Each block EVIL reduces his vote for that delegate making all LAZIES' transactions autovote for that particular delegate.

This shouldn't cause much trouble initially but if EVIL carefully places his votes he could control most of the LAZIES.

I understand that there are more "imminent" and important tasks at hand and this might not be even possible.

However my point is that LAZIES could be exploited and it might be a good idea to think about updating the autovoting algorithm to the point that it is not that predictable.

Offline bytemaster


Lazy votes will likely be those with cold storage and thus 'unchanging'. 


Isnt it possible to have 30% stake in lazy active shareholders that don't bother setting delegates?

It is.

However, I am sure if something went wrong in a major way that couldn't be resolved by the active 70% that these inactive shareholders have financial incentive to take action.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline emski

  • Hero Member
  • *****
  • Posts: 1282
    • View Profile
    • http://lnkd.in/nPbhxG

Lazy votes will likely be those with cold storage and thus 'unchanging'. 


Isnt it possible to have 30% stake in lazy active shareholders that don't bother setting delegates?
« Last Edit: June 19, 2014, 08:52:46 pm by emski »

Offline bytemaster

Why is the EVIL evil? Opportunistic maybe?

Lazy votes will likely be those with cold storage and thus 'unchanging'. 

I think that it isn't really a problem for an attacker to have 51% unless they want to use their 51% to ignore blocks from the 49... at which point it becomes very clear that a hard fork that removes all balances voting for the attacker should be performed. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline tonyk

  • Hero Member
  • *****
  • Posts: 3308
    • View Profile
Why is the EVIL evil? Opportunistic maybe?
Lack of arbitrage is the problem, isn't it. And this 'should' solves it.

Offline emski

  • Hero Member
  • *****
  • Posts: 1282
    • View Profile
    • http://lnkd.in/nPbhxG
I was wondering what would happen if we had the following situation:

Imagine an evil user (EVIL) exists with 34% of the total stake.
Imagine we have 34% of the users (LAZIES) who let the software autovote.
Imagine EVIL votes for misbehaving delegates with all of his stake (34% of the total).
This should cause the LAZIES to (auto)vote against the same misbehaving delegates with ~ 34% of the total stake. So that the misbehaving delegates have <0 total votes.
As the total stake is 100% the remaining 32% controlled by honest users (HONEST) elect the remaining/acting delegates.

Then EVIL registers 51 delegates and (instantly?) votes for them with his stake (34% of the total). EVIL will surely elect all of them as we have 34% LAZIES who voted against the initial misbehaving delegates.

1.How long will it take for the LAZIES to autovote again?
2.What if EVIL arranges his votes in such way, that autovoting of LAZIES gives upvotes for his delegates, freeing some of his stake to elect other delegates?
3.Is controlling 51 of the delegates a problem?
4.Can EVIL attempt the same with less than 34% of the stake? (what is the minimum stake he needs?)

5.Is this situation impossible?

PS: Sorry if the question is lame, I'm still collecting pieces of the puzzle and I might've missed some information.